they’re probably patching a security flaw, because we live in the future now and it is perfectly normal for a simple clock to have backdoors that can read your bank accounts
“My dishwasher is on the internet!” - “Why is it on the internet?” - “To download software updates!” - “Why does it need software updates?” - “To fix security vulnerabilities!” - “Why would it have security vulnerabilities?” - “Because it’s on the internet!”
I never connected my refrigerator to the internet. Why the fuck would I need Bixby on my refrigerator? I don’t even use the voice assistant on my phone.
Yeah, I’m absurdly suspicious of pretty much everything connected to the internet these days. I’m suspicious of any cameras, of people randomly happening to take a picture with me in the background. I’m suspicious of talking out loud around my phone…the future sucks.
Although, thankfully the pandemic has given me a seemingly never-ending excuse to wear something over my face at all times.
haha, same, every time someone asks me for a pic i have to choose between refusing by making something up (bad hair etc), going with the privacy infodump, or accepting and just regretting it for my whole life
And here we have why I have not connected my smart dishwasher to the Internet. Those 2 extra wash cycles don’t seem worth it. Especially considering I only ever use the most powerful sounding wash cycle.
I get that, I have a smart oven, washer, dryer and dishwasher. All connected to the internet (private guest network just in case), and they all send updates to one Telegram group chat using IFTTT. It’s pretty convenient to get updates when a device is done.
Mine just beep when they’re done.
The only two things that I like about smart appliances:
remote preheat for the oven (ready to pop the frozen pizza in right when I walk in the door)
cycle end notification for the washer (when I’m in the basement I can’t hear the sound to know when to move the clothes to the dryer)
I can’t imagine needing a notification on the dishwasher (I’m never waiting for it to finish to do something else) or refrigerator (just what even would it do).
I guess the smart control of the hvac is nice (turn it on when I’m on my way back from vacation so the temperature is perfect when I get home), but does that count as an appliance?
A notification you’ve left the fridge door open could be handy.
How often do you animals just leave the fridge standing open?
It’s usually when it doesn’t close properly for some reason.
I love that “door open” warning of my fridge, and I also like that I get a notification when the fridge unexpectedly disconnects from the network (which usually means that the power has gone out, so I can go and check before all my food has died).
Also, the notifications when the laundry machine finishes are handy (so I can unload it and avoid smelly clothes).
Ohhhh…kay, yes, you’re right. Dang, I want that now.
BEEP BEEP BEEP BEEP BEEP BEEP BEEP BEEP BEEP BEEP BEEP BEEP BEEP BEEP BEEP BEEP BEEP BEEP BEEP BEEP
“Sounds like I left the fridge open.”
Seriously, I can hear that beep anywhere in the house.
What about the sweaters in the oven?
Yeah, I would definitely want to know.
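“remote preheat for the oven (ready to pop the frozen pizza in right when I walk in the door)”
Most ovens these days have a sort of time delay feature so you can set it to turn on X hours from now. Though I will admit it’s more convenient not to have to estimate what time you’re gonna be home at. Still, there are definitely alternatives to using an internet-connected oven.
“cycle end notification for the washer (when I’m in the basement I can’t hear the sound to know when to move the clothes to the dryer)”
I already know my washing machine takes almost exactly 30 minutes to finish after I turn on the water. I just set a timer on my phone for that amount of time.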
The delayed start requires planning ahead. I’m…not great at that.
As for the laundry cycles, my washer is variable on time depending on load size or dirt level or something. It’s rarely done by the time it estimates at the start.
dumb me for using a timer on the washer /s
lol yep. If only. My washer adjusts the cycle time based on…well honestly I don’t know what. Load size? Dirtiness? So if it starts the cycle and says it’ll be an hour, it could be 55 minutes or it could be 85 minutes. There’s just no way to be certain. Gets everything clean, though.
Cool, but that’s only half the truth, 'cause how do you turn off your fridge, microwave stuff etc. when you’re away from home then?? /s
We once invented multiple protocols, because doing everything over the same protocol is obviously a bad idea…
I could see a connected dishwasher being useful if all water using apps (liances, not lications) could coordinate with the water softener to determine if it needs to cycle before they start (and to automatically start once the soft water is ready).
Is that even a thing?
The fuck a smart dishwasher gonna do, play Mozart while my dishes get smashed around inside then receive a text message later saying “Oi it’s me ur dishwasher I just finished the dishes” while it plays Mozart again but at max volume until you waddle your fatass over and press the ‘shut the fuck up’ button?
Don’t forget lightbulbs.
https://support.sengled.com/hc/article_attachments/360041314774/mceclip3.png
Great plot for hackers 2.
The companies BUILD IN backdoors so that they can steal your data.
But because the backdoor is built in, they have to constantly monitor and update the security around it so that “bad guys” (they don’t think they are the bad guys) don’t get in.
They only do security updates to prevent liability iirc.
The whole thing stinks.
Note: I’m not a software developer just an outraged bystander with tech hobbies and techy friends, it’s possible this isn’t true.
No need for backdoors when the front door is perfectly legal. The need to monitor for bad actors is still correct, though; mostly because they skimp on development costs and penetration testing. Like they say, “never attribute to malice that which is adequately explained by incompetence.” Or in this case, slashing budgets.
I hate Hanlon’s Razor with a passion. It’s just a way to introduce plausible deniability for cases that do involve malice. Not that this stuff necessarily is malicious, I just think it’s dumb to rule out maliciousness any time it could be incompetence.
If I were to rewrite Hanlon’s Razor today, I would update it as so: “Never attribute to malice that which is adequately explained by incompetence or indifference.” Because yes, it does introduce plausible deniability; but most of the most harmful things in our modern world aren’t malice, but simply big companies caring less about you than about their own precious profits, or politicians caring less about their constituents than about their kickbacks and campaigns.
But admittedly, the word “adequately” does do a lot of heavy lifting in the original and in my update, because I’d counter your (quite reasonable) objection with the corollary that if malice is evident, incompetence is no longer an adequate explanation.
In general, though, I’ve had simply too much experience in this world to believe that there’s a grand conspiratorial plan behind anything awful people do these days.
Good comment, I can agree with it. Though to address your last paragraph, I wasn’t trying to say that it’s usually maliciousness or best to assume it, I just don’t think it should be summarily dismissed.
I’d also say that there’s not much functional difference between a pattern of malice, incompetence, or indifference.
Totally true. Though you might address the various patterns differently (malice = legal action, incompetence = mandated education, indifference = financial penalty), the results of the patterns are often the same.
Right, it’s just a front door lol. I never considered that was a thing.
What would the “front door” even be in this case? What comes to my mind is the corresponding app on your phone, but that doesn’t really make sense in this context.
In this case, the “front door” would just be not hiding it. Normal, un-hidden APIs. A back door is usually something that the developer includes without informing the user, but they don’t need to be surreptitious; there’s no legal reason to pretend that they’re not collecting the data, and unless you’ve built your brand on privacy and security, there’s no business reason to do so either in the current cultural climate.
And given that the appliance needs to communicate with the app on your phone while you’re not home in the first place, there probably isn’t even a separate tracking API vs. data just being harvested as part of normal operations. So “back door” doesn’t really fit. “Broken by design” or “spyware” would be more apt, I think.
Still, I’m really not a fan of calling any spying/data harvesting a “front door” – IIRC, the term was coined by an FBI head pushing for back doors in our phones so the FBI could scan our messages. But he called it a “front door” as a way to dodge the reasons why building back doors in our security software is a terrible idea.
It’s just another step in the terrible trend of “let’s pretend that this horrible idea is ok if we just rename it” :(
It’s difficult to monetise data if you source it illegally (except in China maybe). Nobody reads the ToS anyway so it’s not like you need a backdoor.
I have been with a few companies as an engineer, and can at least confirm that you are right from my experience. Nobody really needs a backdoor to get massive amounts of data. The ToS for most software makes it so they can already do whatever they want with it. It’s pretty easy to get a lot of data just by having people use their services normally.
Why steal what’s being given away freely.
My biggest question to this type of thing is, what data? Why is it you’re all so concerned about a tech company knowing how you use their services or what you’re spending your money on?
The only ones I’m worried about doing that are foreign owned companies that operate in realms where my personal data could be actively harmful. I don’t use TikTok because our only real military adversary is using it to assemble Petabytes worth of data on Western populations which they can turn into cyberware via reactionary propaganda.
Know what I don’t care about? Doordash knowing what I’m more likely to spend my money on. Microsoft trying to sell me an Office365 subscription.
“Outraged bystander” yeah, clearly. Most of you are just parrots who follow the FOSS crowd but don’t know enough to actually vet their information. You think they’re all these full stack programmers who have deep insights but most of them are just paranoid hobbyists who think any shred of data on their spending habits = the end of the free world. As if Wingstop knowing your propensity of eating dry rub versus buffalo is worth anything at all beyond trying to sell you a product.
So what kind of parrot are you? It’s not unusual to want to restrict who can snoop on you, even for trivial information. I’ve worked on embedded software - what gets logged and reported can get downright obnoxious.
I’m not sure if it’s getting better, but I’m seeing less of it these days. It could just be that I’m working for better companies though.
The more a company knows about you, the more money they can make out of you. For example, cab companies have been caught increasing prices for customers whose phone batteries were dying.
Unless you are a journalist, high-ranking civil servant or military officer, foreign governments aren’t usually a huge threat. You are most likely not worth their time, and (apart from maybe the US) it’s not like they can actually do anything to you.
I didn’t say that me as an individual was worth the time of a foreign government, because I’m not talking about one off events like someone wanting information on me specifically.
I’m talking about the attempt by foreign nationals to undermine our entire society by preying on social media and misinformation. The kind of shit that’s been affecting people on Facebook for years now and that’s being used to affect the TikTok algorithm as well.
Fair point. But if a foreign government can use Facebook / TikTok data to undermine society, can’t big companies or other interest groups do the same? More importantly, can’t Facebook or TikTok do the same? At least governments have checks and balances, and are at least theoretically accountable to their people. Companies can do whatever they like.
Companies don’t need to follow laws? Last time I checked the reason they can “do whatever they want” is the same as the government’s. Because no one ever fucking holds their feet to a fire. In theory both entities are held to standards, in reality neither are.
Many do follow the law, but have the law written to their convenience. Why bother stealing data when you can get it for free from people who don’t know any better?
Later on when the “good guys” have a change in leadership to someone who’s just a bit more ruthlessly profit-driven, they already have all your data.
My Wingstop orders? Sure. Once again, WHO FUCKING CARES. I don’t use social media for anything but sharing memes. I don’t post, I have the absolute bare minimum required information, and my account usually isn’t even my real name.
Even if the US government went full on USSR tomorrow, the data they have on me isn’t the type to be useful to them because my traditional social media usage is so damn low. TikTok wasn’t the only example, it’s just the one with the most obvious political implication for us right now.
If I had a reason to hide my data (like in your hypothetical) then I could do it at the drop of a hat by switching fully to Linux which I already use. I have emails with three different providers only one of which is Google, and I don’t federate anything critical.
You guys are just so concerned about the stupidest information that can’t even be used against you unless it’s for selling you a product.
do you have a phone?
do you have a car that was manufactured after 2015?
does your ISP know your real name?
do you have a bank account?
I guarantee you there’s already more of your data out there than you’re comfortable with.
Outside of the car (mine’s a 90s model) none of that is even remotely avoidable even if you went totally FOSS. Your ISP still needs your info and you’ll still use some kind of bank or credit union.
is exactly the point I was trying to make to the guy who was like “I just use Linux and put a fake name on my GrubHub orders”
A lot of it is definitely performative security theatre style sticking your head in the sand.
Because it can be used against you in one way or another. You never know where the data ends up. It could leak or the government could force them to give the data and lower your score in any system.
What score in what system?
That is the point, we don’t know what system they will come up with in the future. Let’s build a social score system that we use to tax you economically and take past data into account. Hint China.
Megaman Battle Network was prophetic. You’re just living daily life and then a terrorist kills your child by hacking the AC.
Thank you. I forgot about that game. I had meant to play it for some time.